I thought this infographic on the “8 Levels of IT Security” was worth sharing.

I thought this infographic on the “8 Levels of IT Security” was worth sharing.

While I don’t see each of these as completely distinct, I believe they are all important aspects of enterprise security, as follows:

1) Risk Management – With limited resources, we’ve got to identify and manage the high probability, high impact risks first and foremost.

2) Security Policy – The security policy sets forth the guidelines for what IT security is and what is considered acceptable and unacceptable user behavior.

3) Logging, Monitoring, and Reporting – This is the eyes, ears, and mouth of the organization in terms of watching over it’s security posture.

4) Virtual Perimeter – This provides for the remote authentication of users into the organization’s IT domain.

5) Environment and Physical – This addresses the physical protection of IT assets.

6) Platform Security – This provides for the hardening of specific IT systems around aspects of its hardware, software, and connectivity.

7) Information Assurance – This ensures adequate countermeasures are in place to protect the confidentiality, integrity, availability, and privacy of the information.

8) Identification and Access Management – This prevents unauthorized users from getting to information they are not supposed to.Overall, this IT security infographic is interesting to me, because it’s an attempt to capture the various dimensions of the important topic of cyber security in a straightforward, visual presentation.

However, I think an even better presentation of IT security would be using the “defense-in-depth” visualization with concentric circles or something similar showing how IT security products, tools, policies, and procedures are used to secure the enterprise at every level of its vulnerability.

IT security is not just a checklist of do’s and don’t, but rather it is based on a truly well-designed and comprehensive security architecture and its meticulous implementation for protecting our information assets.

Does anyone else have any other really good visualizations on cyber security?